Multiparty simultaneous quantum identity authentication based on entanglement 

swapping 



Jian WangQ Quan Zhang, and Chao-jing Tang 
School of Electronic Science and Engineering, 
National University of Defense Technology, 
Changsha, ^10073, China 

We present a multiparty simultaneous quantum identity authentication protocol based on entan- 
glement swapping. In our protocol, the multi-user can be authenticated by a trusted third party 
simultaneously. 
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Quantum cryptography has been one of the most re- 
markable applications of quantum mechanics in quantum 
information science. Quantum key distribution (QKD), 
which provides a way of exchanging a private key with 
unconditional security, has progressed rapidly since the 
first QKD protocol was proposed by Benneett and Bras- 
sard in 1984 0. A good many of other quantum commu- 
nication schemes have also been proposed and pursued, 
such as quantum secret sharing (QSS)@, y, 0, E| Iff El; 
quantum secure direct communicatio n (Q SDC) pjlilllcL 
IlllSISQHEIIlHIl! Epjpjpiand quan- 
tum identity authentication (QIA) |22l l23l I24L |25|. QSS 
is the generalization of classical secret sharing to quan- 
tum scenario and can share both classical and quantum 
messages among sharers. QSDC's object is to transmit 
the secret message directly without first establishing a 
key to encrypt it. Authentication is a well-studied area 
of classical cryptography, including identity and message 
authentication. QIA aims to generalize classical identity 
authentication to quantum scenario for providing uncon- 
ditional security. Duek et al. 22] proposed a secure 
quantum identification system combining a classical iden- 
tification procedure and quantum key distribution. Zeng 
and Zhang 23] put forward a quantum key verification 
scheme which can simultaneously distribute the quantum 
secret key and verify the communicators' identity. T. Mi- 
hara |24j presented three quantum identification schemes 
by using entangled state and unitary operation. Lee et 
al. [2j| presented two QSDC protocols with user authen- 
tication. 



In this paper, we present a multiparty simultaneous 
quantum identity authentication protocol based on en- 
tanglement swapping, which combines the idea in Ref. 
[2l| with that in Ref. |25]. In our protocol, We sup- 
pose a trusted third party, Trent, authenticates r legal 
users, {Alicei , A lice2, Alice r } simultaneously. Sim- 
ilar to Ref. pjj. Trent shares a secret identity num- 
ber IDi (i = i,2, • • • , r) and a secret hash function hi 
(i = 1, 2, • • • , r) with each user. Here the hash function 



is defined as 



h:{0,l} 1 x {0,i}" 1 ^ {0,l} r 



(1) 



where I, m and n denote the length of the identity num- 
ber, the length of a counter and the length of authenti- 
cation key, respectively. Thus the user's authentication 
key can be expressed as AK = h(ID, C), where C is the 
counter of calls on the user's hash function. When the 
length of the authentication key is not enough to satisfy 
the requirement of cryptographic task. The parties can 
increase the counter and then generates a new authenti- 
cation key. We denote the authentication keys of Alicei, 
Alice 2 , • • • , Alice r as AK Al = hA 1 (IDA 1 ,C , A 1 ) 1 AKa 2 = 
h A2 (ID A2 ,C A2 ), AK Ar = h Ar ( ID A r ,C Ar ), respec- 
tively. 

Entanglement swapping can entangle two quantum 
systems that do not have direct interaction with each 
other 26]. It plays an important role in quantum infor- 
mation. We first describe entanglement swapping simply. 
The four Bell states are 



|0±) = i=(|OO)±|ll)), 
|^±) = i=(|0l)±|10)). 



(2) 



Suppose two distant parties, Alice and Bob, share |0i~ 2 ) 
and |034) where Alice has qubits 1 and 4, and Bob pos- 
sesses 2 and 3. Note that 



2:1/ 



(3) 



After Bell basis measurement on qubits 1 and 4, the state 
of the qubits 1, 2, 3, 4 collapses to |$u}|023), 1014)102 



'23/ 
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|$u}|^23) and IV'ii)! 1 /'^) eacn with probability 1/4. If 
Alice and Bob share other Bell states, similar results can 
be achieved. 

In our protocol, the eight three-particle GHZ states are 



2 



defined 


as 






l*i> = 


-^(|000) + |111)), |* 2 ) = 


^=(1000)- 


1111)), 


1*3) = 


-j=(|100) + |011)),|* 4 ) = 


> 00) - 


ion)), 


l*5> = 


-^(|010) + |101)), |* 6 ) = 


^(|010>- 


lioi)), 


|* 7 ) = 


-J=(|110) + |001)), |* 8 ) = 


> 10> - 


1001)), 



(4) 



which form a complete orthonormal basis. The parties 
agree that the two unitary operations 

/=|0)(0| + |1)(1|, 
ia„ = |0)<l|-|l)<0|, (5) 

can be encoded into one bit classical information as 

/-» 0,iCT„ -» 1. (6) 

We first present our QIA protocol with two users 
(Alicei, Alice2) and then generalize it to the case with 
many users (Alicei, Alice 2 , • • • , Alice r ). Each user shares 
a authentication key with Trent, as we have described 
above. 

(51) Trent prepares an ordered N three-particle GHZ 
states, each of which is in the state |*i) = -i=(|000) + 

\111})ta 1 a 2 , where the subscripts T, A\ and A 2 repre- 
sent the three particles of each GHZ state. Trent takes 
particle T (A\, A 2 ) for each state to form an ordered par- 
ticle sequence, called T {A\, A 2 ) sequence. He then sends 
Ai and A 2 sequences to Alicei and Alice 2 , respectively 
and keeps T sequence. 

(52) To ensure the security of the quantum channel, 
the parties check eavesdropping as follows: (a) After 
hearing from the users, Trent selects randomly a suf- 
ficiently large subset from the ordered N GHZ states, 
(b) He measures the sampling particles in T sequence, 
in a random measuring basis, Z-basis(|0),|l)) or X-basis 
(l+) = 7f(|0) + |1)), h)=7f(|0) - |1))). (c) Trent an- 
nounces publicly the positions of the sampling particles 
and the measuring basis for each of the sampling parti- 
cles. Alicei (Alice 2 ) measures the sampling particles in 
A\ (A 2 ) sequence, in the same measuring basis as Trent. 
After measurements, the users publishes their measure- 
ment results, (d) Trent can then check the existence of 
eavesdropper by comparing their measurement results. If 
the channel is safe, their results must be completely cor- 
related. When Trent performs Z-basis measurement on 
his particle, Alices' result should be 1 00) (|11)) if Trent's 
result is |0) (|1)). On the contrary, Alices' result should 

be I + +) or I ) (| H — ) or | — h)) if Trent performs 

X-basis measurement on his particle and gets the result 
|+) (|— )). (e) If Trent confirms that their results are 
completely correlated, he announces publicly his mea- 
surement results of the sampling particles. The users 



can make certain whether they share a sequence of GHZ 
states with Trent. If the users confirms that there is no 
eavesdropping, they continue to execute the next step. 
Otherwise, they inform Trent and abort the communica- 
tion. 

(53) After hearing from the users, Trent divides ran- 
domly the remaining GHZ states into M ordered groups, 
{P(1) TAi a 2 , Q(lW 1 Ai>, {P(2)ta iA2 , Q(2)tm;^}, 
• • • , {P{M) TAl A 2 , Q{M) T , A[A , 2 }, where l, 2, • • • , M rep- 
resent the order of the group and the subscripts T and 
T" (Ai, A\ and A 2 , A' 2 ) denote the particles belonging 
to Trent (Alicei 's and Alky's ). 

(54) For each of the groups, Alicei (Alice 2 ) performs 
one of the two operations {/, i(T y } on particle A\ (A 2 ) 
according to her authentication key, AK Al (AK A2 ). For 
example, if the zth value of AK Al is (l), Alicei ex- 
ecutes I {i<Jy) operation on particle A\. As we have 
described above, here AK Al = h(ID Al ,C Al ), AK A2 = 
h(ID A2 , Ca 2 )- If the length of AK is not long enough to 
M, new AK can be generated by increasing the counter 
until the length of AK is no less than M. They inform 
Trent that they have transformed their qubit by using 
unitary operation according to their authentication keys. 

(55) After hearing from the users, Trent performs ran- 
domly I or i(T y operation on particles T in each group. 
After the three-party's operations, |*i) can be trans- 
formed into one of the eight three-particle GHZ states 
{|*i), |*i), • • • , |*8)}, as shown in Table 1. 



TABLE I: The transformation relations of GHZ states 





unitary operations performed on the three paticles 


1*1) 


J® J® J 


1*2) 


Iffy ®iOy ®iOy 


1*3) 


I ® iOy <g> iOy 


1*4) 


ia y (g> I ® / 


1*5) 


itjy (g> I (g) io y 


|* 6 ) 


I ® lOy (g> I 


|*7) 


io y ® ia y ® I 


|*8) 


I <g> / ® lOy 



(S6) Trent lets Alicei (Alice 2 ) measure particles A\ 
and A\ (A 2 and A' 2 ) of each group in Bell basis. After 
measurements, Alicei and Alicei publish their measure- 
ment results. Trent performs Bell basis measurement on 
particles T and T' of each group and authenticates the 
users according to their measurement results. We then 
explain it in detail. The state of a group can be written 
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as 

+ \ ( t ) TT')\ < l ) A 1 A' 1 )^A 2 A' 2 ) 

+\'PttM<P1 1 a[)\<Pa' 2 a' 2 ) + ^tt'Ma^Xa'J 
+I^)I^ 1 a;)I<^) + \^TT-)\r AlAli )\^- A2A , 2 ) 

+ \i>TT^X A ^~A,A- 2 ) + ^TT^MA^Xm))- 

(7) 

If Trent's random operation is ia y , Alicei's ith value of 
her authentication key is 1 which corresponds to opera- 
tion %<j y and Alice 2 's ith value of her authentication key is 
corresponding to operation /, \^\)tAxA 2 i s then trans- 
formed to \^-!)ta 1 a 2 and the state of the group becomes 

\*7) TAl A 2 ® 1*1 = ^WtT>)\^MaO^A 2 A> 2 ) 

-^tt-^maO^MA',) 
-^tt'^ma'^maO + \^tt>)\^a^)\4>a 2 a0 

m&t^XaO^maO - \&T>)\r AlAli )\r M ^) 

-^TT'M^MAO + \<t>TT')\^A lA[ m 2 A' 2 ))- 

(8) 

From the published results of Alicei and Alice2 and his 
measurement results, Trent can obtain the users' oper- 
ation information and then authenticates the users be- 
cause the three parties' results correspond to an exclu- 
sive state. For example, the results of Trent, Alicei 
and Alice2 are each \tp^, T ,), \ip AlA >) and |0^ 2yl /)- Ac- 
cording to Eq. (JSJ), the state of the group must be 
\^7)ta 1 a 2 ®\^i)t i A{A' 2 - Trent then knows the ith value 
of Alicei's and Alice2's authentication keys are each 1 
and because only the operation ia y ® io y ® I applied 
on particles T, A\ and A 2 can change the state j^i) 
into 1^7). Trent compares his deduced result with the 
authentication key they shared and then authenticates 
Alicei and Alice2- 

Now let us discuss the security for the present protocol. 
An eavesdropper, Eve, has little chance to eavesdrop the 
users' operation information because it is unnecessary for 
the users to resend their particles on which each of users 
has performed their corresponding operations according 
to their authentication keys, to the trusted third party. 
Moreover, from the published results of the users, Eve 
also cannot obtain any information of the users because 
she has no Trent's result. Suppose the published results 
of Alicei and Alice 2 are each \ip AA , ) and |4 2 A' )■ With- 
out Trent's result, Eve can only know that the state of 
the group is one of the four state {|* 5 )®|*i), |* 6 )(g)|*i}, 
|*7)®|*i), |* 8 )<8|*i)}- The eavesdropping check aims 
to prevent Eve from impersonating attack and let the le- 
gal users share a safe quantum channel with Trent. Sup- 
pose Eve prepares N ordered three-particles GHZ states, 



each of which is |*i) = -73GOOO) + \111)) FEi e 2 - Eve in- 
tercepts particles A\ and A2 and resends particles E\ and 
Ei to each Alicei and Alice 2 . Eve attempts to personate 
Trent for acquiring the users' authentication key. How- 
ever, during the eavesdropping check, Eve's attack will 
be detected by the parties because Eve cannot tamper 
with the classical message published by the trusted third 
party, Trent. Thus the users' results have no correlation 
with the result published by Trent. 

According to Stinespring dilation theorem, Eve's ac- 
tion can be realized by a unitary operation E on a large 
Hilbert space, H AlA2 (g) He- Then the state of Trent, 
Alicei, Alicei and Eve is 

1*)= E \st,a 1 ,a 2 )\T)\A 1 A 2 ), (9) 

T,A 1 ,A 2 £{0,1} 

where |e) denotes Eve's probe state and \T) and |^4iA 2 ) 
are states shared by Trent and the users. The condition 
on the states of Eve's probe is 

E ( £ T,AiM E T,A X ,A 2 ) = 1. (10) 

T,Ai,A2&{0A} 

As Eve can eavesdrop particle Ai and A2, Eve's action 
on the system can be written as 

|$) = i[|0)(ai|00)| £o oo)+/3i|01)|eooi)+7i|10)|eoio) 

+ <5i|ll)|e n)) + |l)(<5 2 |H)|£ioo) +72|10)|eioi) 
+ &|01)|eiio)+a 2 |0Q)|eiii)]. (11) 

The error rate introduced by Eve is e = 1 — |ai| 2 
I — |<5 2 | 2 . Here the complex numbers a, j3, 7 and 5 must 
satisfy E& = I. 

We then generalize our three-party QIA protocol to 
a multiparty one (more than three parties) (MQIA). 
In MQIA protocol, Trent can authenticate many users, 
{Alicei, Alice2, Alice,.} (r > 2) simultaneously. 

Trent prepares an ordered N (r+ l)-particle GHZ states 

-^(|00..-0) + |ll...l)) T)Ali ..., Ap . (12) 

The details of MQIA is very similar to those of three- 
party one. Trent sends A\ , A2 , • • • , A r sequences 
to each Alicei , Alice 2 , • • • , Alice r . Similar to step 
(S2), Trent and the users check eavesdropping. If 
they confirm the quantum channel is safe, they con- 
tinue to the next step. Otherwise, they abort the pro- 
tocol. Trent divides the remaining GHZ states into 
M ordered groups, [{P(l) TAl ... Ar , Q(1) T 'A' -A'J, 
{P(M) TAl ... Ar , Q(M) T /^... A; }]. Alicei, Alice 2 , 
Alice( r _!) each perform one of the two operations {J, 
i(Jy\ on their particles according to their authentication 
keys. Trent then performs randomly / or ia y operation 
on particle T in each group. Each user measures par- 
ticles Ai and A\ (i = 1, 2, • • • , r) of each group in Bell 
basis. After measurements, Alicei, Alice 2 , Alice,. 



4 



publish their measurement results. Trent performs Bell 
basis measurement on particles T and T" of each group 
and authenticates the users according to their measure- 
ment results. 

In summary, we have presented a multiparty simulta- 
neous quantum identity authentication protocol based on 
entanglement swapping. The trusted third party can au- 
thenticate many users simultaneously. If there are many 
users waiting for being authenticated by the system, the 



efficiency for identity authentication can be improved 
greatly. 
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